[Nikto-discuss] Newbie needs help
Tony Wasson
tony.wasson at trin.net
Thu Sep 17 14:47:12 UTC 2009
I'm a newbie to Nikto, have run several scans, and the output has items like the ones below:
URI: /forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
HTTP Method: GET
Description: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
Test Links:
  http://"mywebsite"/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
  http://"mywebsiteIP"/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
OSVDB Entries: OSVDB-0

URI: /scripts/dose.pl?daily&somefile.txt&|ls|
HTTP Method: GET
Description: DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.
Test Links:
  http://"mywebsite"/scripts/dose.pl?daily&somefile.txt&|ls|
  http://"mywebsiteIP"/scripts/dose.pl?daily&somefile.txt&|ls|
OSVDB Entries: OSVDB-2799
How does one interpret this? Do I have an actual vulnerability?
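One way to triage the first finding quoted above, added here as an example that is not part of the original post and is not Nikto's own code: decode the probe from the reported URI and check whether a saved response reflects it unmodified, escaped, or not at all. The function names, result labels and sample responses are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, unquote

# URI exactly as reported in the scan output quoted in the post.
REPORTED_URI = ("/forum_members.asp?find=%22;}alert('Vulnerable');"
                "function%20x(){v%20=%22")


def probe_value(uri):
    """Return the URL-decoded value of the first query parameter.

    partition() is used instead of parse_qs() because the probe itself
    contains ';' and '=' characters that a query parser may split on.
    """
    query = urlsplit(uri).query
    _name, _sep, value = query.partition("=")
    return unquote(value)


def classify(status, body, probe):
    """Classify a saved HTTP response for a reflected-probe finding.

    reflected-raw     : probe appears byte-for-byte; review the page manually
    reflected-encoded : probe appears only in HTML-escaped form
    page-missing      : 404 and no reflection; the script is not installed
    not-reflected     : page exists but the probe is absent from the body
    """
    if probe in body:
        return "reflected-raw"
    if html.escape(probe, quote=True) in body:
        return "reflected-encoded"
    if status == 404:
        return "page-missing"
    return "not-reflected"


if __name__ == "__main__":
    probe = probe_value(REPORTED_URI)
    # Constructed sample responses, not captured from any real server.
    samples = {
        "raw": (200, '<script>var q = "' + probe + '";</script>'),
        "escaped": (200, "<p>No members match " + html.escape(probe) + "</p>"),
        "missing": (404, "<h1>Not Found</h1>"),
        "generic": (200, "<h1>Welcome</h1>"),
    }
    for name, (status, body) in samples.items():
        print(name, "->", classify(status, body, probe))
```

Only the `reflected-raw` result supports the scanner's claim for a reflected-XSS check like this one; the second finding (`dose.pl`) concerns server-side behaviour and cannot be triaged by looking for reflection.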